2442 matches found

RedHat Linux
added 2011/09/28 11:10 p.m. | 2 views

Mozilla: Defense against multiple Location headers due to CRLF Injection (MFSA 2011-39)

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...

4.3 CVSS | 7.4 AI score | 0.02018 EPSS
Exploits 0 | References 4

UbuntuCve
added 2011/09/28 12:0 a.m. | 50 views

CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...

4.3 CVSS | 7.2 AI score | 0.02018 EPSS
Exploits 0 | References 4

securityvulns
added 2011/09/26 12:0 a.m. | 49 views

Multiple vulnerabilities in AWStats

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in AWStats. These are Cross-Site Scripting, Redirector, SQL Injection, HTTP Response Splitting and CRLF Injection vulnerabilities in AWStats in awredir. AWStats includes script Advanced Web Redirector awredir.pl. There were...

0.1 AI score
Exploits 0

seebug.org
added 2011/09/25 12:0 a.m. | 41 views

AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection

No description provided by source. Vulnerable are all versions of AWStats 6.0, 7.0 and previous versions. ---------- Details: ---------- AWStats includes script Advanced Web Redirector awredir.pl. There were already found by trev and tx XSS and Redirector vulnerabilities in awredir.pl in 2008...

7.1 AI score
Exploits 0

Packet Storm
added 2011/09/23 12:0 a.m. | 39 views

AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection

Hello list! I want to warn you about multiple security vulnerabilities in AWStats. These are Cross-Site Scripting, Redirector, SQL Injection, HTTP Response Splitting and CRLF Injection vulnerabilities in AWStats in awredir. ------------------------- Affected products: -------------------------...

0.3 AI score
Exploits 0

exploitpack
added 2011/09/19 12:0 a.m. | 11 views

Toko Lite CMS 1.5.2 - edit.php HTTP Response Splitting

Toko Lite CMS 1.5.2 - edit.php HTTP Response Splitting Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web...

7.4 AI score
Exploits 0

Exploit DB
added 2011/09/19 12:0 a.m. | 23 views

Toko Lite CMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting

source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...

7 AI score
Exploits 0

Zero Science Lab
added 2011/09/19 12:0 a.m. | 19 views

Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability

Summary Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advanced easy to use yet fully featured program that can be integrated with any existing site. It takes 2 minutes to install even for non technical users. Description...

5.9 AI score
Exploits 0

Packet Storm
added 2011/09/19 12:0 a.m. | 31 views

Toko Lite CMS 1.5.2 HTTP Response Splitting

Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...

7.4 AI score
Exploits 0

Exploit DB
added 2011/09/19 12:0 a.m. | 27 views

Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting

Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...

7.4 AI score
Exploits 0

exploitpack
added 2011/09/19 12:0 a.m. | 29 views

Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting

Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...

6.8 AI score
Exploits 0

0day.today
added 2011/09/18 12:0 a.m. | 13 views

Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability

Exploit for php platform in category web applications Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web...

7.1 AI score
Exploits 0

securityvulns
added 2011/09/09 12:0 a.m. | 75 views

[SECURITY] [DSA 2301-1] rails security update

Debian Security Advisory DSA-2301-1 [email protected] http://www.debian.org/security/ Luciano Bello September 5, 2011 http://www.debian.org/security/faq -...

7.5 CVSS | 1.8 AI score | 0.03022 EPSS
Exploits 0

NVD
added 2011/08/29 6:55 p.m. | 19 views

CVE-2011-3186

CRLF injection vulnerability in actionpack/lib/actioncontroller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header...

4.3 CVSS | 6.7 AI score | 0.01748 EPSS
Exploits 0 | References 12

UbuntuCve
added 2011/08/29 6:55 p.m. | 31 views

CVE-2011-3186

CRLF injection vulnerability in actionpack/lib/actioncontroller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header...

4.3 CVSS | 7.2 AI score | 0.01748 EPSS
Exploits 0 | References 2

Debian CVE
added 2011/08/29 6:0 p.m. | 34 views

CVE-2011-3186

CRLF injection vulnerability in actionpack/lib/actioncontroller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header...

4.3 CVSS | 6.9 AI score | 0.01748 EPSS
Exploits 0

Cvelist
added 2011/08/29 6:0 p.m. | 35 views

CVE-2011-3186

CRLF injection vulnerability in actionpack/lib/actioncontroller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header...

6.6 AI score | 0.01748 EPSS
Exploits 0 | References 12

CVE
added 2011/08/29 6:0 p.m. | 104 views

CVE-2011-3186

CVE-2011-3186 is a CRLF injection vulnerability in Rails 2.3.x, exploitable via the Content-Type header in actionpack/lib/action_controller/response.rb, allowing an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. The issue affects Rails 2.3.x up to 2.3.12; a fix was...

4.3 CVSS | 6.7 AI score | 0.01748 EPSS
Exploits 0 | References 12 | Affected Software 1

0day.today
added 2011/08/06 12:0 a.m. | 27 views

ATutor 2.0.2 Multiple Vulnerabilities

Exploit for php platform in category web applications Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 2.0.2 build r10589 Summary: ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and...

7.1 AI score
Exploits 0

Packet Storm
added 2011/08/06 12:0 a.m. | 22 views

ATutor 2.0.2 HTTP Response Splitting

ATutor 2.0.2 lang HTTP Response Splitting Vulnerability Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 2.0.2 build r10589 Summary: ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and...

7.4 AI score
Exploits 0